Confidentiality & Privacy Flashcards
Compensatory damages cover what kind of party's losses?
Third-party losses, because they provide restitution for the harm caused to consumers.
What is symmetric key encryption?
- It is a type of encryption that uses the same private key for encryption and decryption.
- This encryption type is good for protecting data at rest in a database.
- It uses Advanced Encryption Standard (AES) to generate keys of 128, 192, or 256 bits.
What is asymmetric encryption?
- It is encryption in which a public key is used for encryption and a private key is used for decryption.
- Asymmetric encryption uses the RSA algorithm to generate keys.
- This encryption uses key lengths of 2048, 3072, or 4096 bits.
What is the RSA algorithm?
- It is an algorithm used in blockchain technology, for digital signatures, and in situations where identification is necessary.
- RSA requires much larger keys than AES, usually 2048, 3072, or 4096 bits.
What does symmetric encryption secure?
It secures the actual data being transmitted.
What does asymmetric encryption do?
It is used to establish a secure communication channel.
What is a suitable choice for securing email communication or messaging applications?
Asymmetric encryption, because there are separate public and private keys.
Merchants that process credit cards must comply with what?
Payment Card Industry Data Security Standard (PCI DSS)
What is tokenization?
- It is a data obfuscation (process of concealing information) technique that substitutes a customer’s credit card number with a random alphanumeric string (the token).
- The merchant transfers the token to the payment processor, who then tokenizes the token to confirm payment. (Tokenization is a process of HIDING your customer’s card information with a randomly generated series of letters and numbers, or an alphanumeric string of characters, called a “token”, that can only be decrypted by the bank when processing a transaction.)
What does encryption use that tokenization doesn’t use?
Keys
What is data masking?
- AKA DATA REPLACEMENT
- It is a technique in which the masking PERMANENTLY substitutes data with fake data that appears equivalent to the original.
- Ex: Denny Miyasato becomes Joel Kasten
When you hear MASK, think of Halloween masks.
What is data replacement?
- AKA HASHING
- It involves replacing real data with meaningless symbols.
What are the 4 phases of the data life cycle?
- Creation/collection
- Use
- Storage
- Disposal
Management should design and implement controls that ensure that data collection forms ask for what?
The MINIMUM INFORMATION NECESSARY for legitimate and lawful purposes
What are examples of risk assessment procedures?
- Re-performance (walkthrough)
- Inquiry
- Inspection
- Observation
What is a walkthrough?
- It is a risk assessment procedure in which a combination of risk assessment controls (inquiry, inspection, observation) is used to compare a process to the documented policy.
To provide the same level of assurance as an inked signature in a paper transaction, what would a digitally signed transaction use?
Hashing and asymmetric encryption for authentication
What is hashing?
- AKA Data Replacement.
- Hashing uses an algorithm to change data into a fixed string (ex: ###).
- After hashing the signature, the signer encrypts it using a private key.
- The receiver is given a public key to decrypt the hashed signature.
Privacy regulations (HIPAA) require the data subject’s _____ before the data holder can disclose information.
INFORMED CONSENT
What is change management?
- It is an IT practice designed to minimize disruptions to IT services while making changes to critical systems and services.
- A change is adding, modifying, or removing anything that could have a direct/indirect effect on services.
How should proprietary information be classified?
Confidential
What is a digital signature?
- It is a cryptographic technique used to verify the authenticity and integrity of digital messages, etc.
- Digital signatures are encrypted, geolocated, and time stamped to authenticate the signer’s identity.
What kind of encryption do digital signatures rely on?
- Asymmetric encryption.
- If a sender signs a message, they use their private key to create a unique digital signature.
- Sender then transmits both original message and digital signature to the recipient.
- The recipient employs the sender’s public key to verify the authenticity of the signature.
What is privacy?
In the context of the Trust Services Criteria, PRIVACY deals only with handling PERSONAL DATA (how it’s collected, used, retained, disclosed, and disposed of).